"Delay 2FA enforcement" not delaying for longer than 2 days

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Summary

I setup 2FA enforcement in a group, with a grace period of 384 hours. Here are my settings:

• (checked) All users in this group must set up two-factor authentication
• (unchecked) Subgroups can set up their own two-factor authentication rules
• Delay 2FA enforcement (hours): 384

This was done on Saturday (2 days ago) around 5pm GMT-3. Earlier today, our devs were asked to setup 2FA but they had the option to do it later, so some skipped it, no problem. But then, later (after around 5pm GMT-3), they were all forced to set it, with no option to skip it. I ended up having to completely disable 2FA enforcement instead for now.

Steps to reproduce

• Enable 2FA enforcement for a group, with 384h in "delay 2FA enforcement" (probably anything above 48h has this issue?);
• Wait 48h (I think);
• You'll be forced to set up 2FA or you can't access the group.

Example Project

It's an issue on groups, not projects.

What is the current bug behavior?

Described in the summary.

What is the expected correct behavior?

Wait for as many hours as I input in "Delay 2FA enforcement" before enforcing 2FA.

Relevant logs and/or screenshots

None.

Output of checks

This bug happens on GitLab.com